9c3c6e89-3916-498f-81e5-da057ab3ed42

windbg.sys :inline :inline

Description

Kernel driver seen in a recent CopperStealer campaign.

  • UUID: 9c3c6e89-3916-498f-81e5-da057ab3ed42
  • Created: 2023-04-22
  • Author: Michael Haag
  • Acknowledgement: |

DownloadBlock

This download link contains the malicious driver!

Commands

sc.exe create windbg.sys binPath=C:\windows\temp\windbg.sys type=kernel && sc.exe start windbg.sys
Use CasePrivilegesOperating System
Elevate privilegeskernelWindows 10

Detections

YARA 🏹

Expand

Exact Match

with header and size limitation

Threat Hunting

without header and size limitation

Sigma 🛡️

Expand

Names

detects loading using name only

Hashes

detects loading using hashes only

Sysmon 🔎

Expand

Block

on hashes

Alert

on hashes

Resources


  • https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft
  • https://twitter.com/jaydinbas/status/1642898531445886978?s=20
  • https://twitter.com/jaydinbas/status/1646475092006785027?s=20

  • Known Vulnerable Samples

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD588bea56ae9257b40063785cf47546024
    SHA1b5a8e2104d76dbb04cd9ffe86784113585822375
    SHA256e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d
    Authentihash MD5265462dbda175886e0c02257f2385753
    Authentihash SHA10e45b675fec76249e64f8a2d4bd5483886b91169
    Authentihash SHA25637a1a3fa4dc148924c1bfb60c88ffef082ee58cd0ee804d2de0f1d22c1e7802c
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD5b6b530dd25c5eb66499968ec82e8791e
    SHA19c1c9032aa1e33461f35dbf79b6f2d061bfc6774
    SHA256fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5
    Authentihash MD5dbc72430b48b0ca636a84b9e5ed0d534
    Authentihash SHA158ca196bfd54c6166aae0f8000fa8a1a66a0073e
    Authentihash SHA25645b969ae1b381716a29cd509622470b5b20b70c7efe4c9b7c0568faa298605ff
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 33000000f3158ea57d1c559f290000000000f3
    FieldValue
    ToBeSigned (TBS) MD58d4476692bcda36ed89244b94bd705f0
    ToBeSigned (TBS) SHA1ce72176d5cad611366e13a9a997ad7ecc7eb815f
    ToBeSigned (TBS) SHA256dd1db9c0e7e50040ac6c586c1b6fd479cef240c064473373f75fbeb3e04ff972
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2023-01-12 19:14:51
    ValidTo2023-12-15 19:14:51
    Signature04d1261b735b38b551b427cf9a295d4eb18edd92de14079aa33a10511ee6d262938b29ae208f96be64a80e2967fb8d7aa5750613901a9da6a82935398175482096430c9acecb55ee2c5468d119f467378c18251a8fe01e9d7b79bce903ccb7afb227e2d0abee00bd9fd6bbbbd67c014888dc46f3efa912d4576f7ca9980957609cd21fbd51815cb11bee95fa780498d905e866bc1a604e407ee0d97a105bcc8e600200b19b9c3a56cb3918047f21ba9ee2228b46b8e5c8b456ba65e6f0c40d28294b654761660e9d14948866c3f0f65f028e47641059d3f195812e871362128bcefb901d5aeace862e3d683b291d65c138138ea1335fe3552f4c46a7f7b0c6e5
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000f3158ea57d1c559f290000000000f3
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD540b968ecdbe9e967d92c5da51c390eee
    SHA1b8b123a413b7bccfa8433deba4f88669c969b543
    SHA25606c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f
    Authentihash MD598a3ab2b723de48256701b417ff87a65
    Authentihash SHA1ff80d6663a92ff454526e88847cbb4d9bd00e21e
    Authentihash SHA25679278979d9300670d1084493bbc03ae374efc5ab02850941e85753885fa88e47
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 33000000f5e8773b206b1ccd610000000000f5
    FieldValue
    ToBeSigned (TBS) MD5bf6aed18e4c3fd6ac87330096df18117
    ToBeSigned (TBS) SHA1f96be504b875f1e63bf51eacc6768e4fdecddcc6
    ToBeSigned (TBS) SHA25676c137a4dd29ebb1cb6a5d319d17e7049ad6d524f9de5d47c24c14b16a4f0720
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2023-01-12 19:14:52
    ValidTo2023-12-15 19:14:52
    Signature5548d9042f4a8d4776b5fccbacda2e58d5161fb7932287aa5da1c9afaca15c230908ed96adeb0f6a86dc3972a85de00fb4d4db0a52394116887998fd673f57a0520fa1e39806b348e555cfe5a419c501a0fbfbdb79e88d37656735fa6cd56d5c465fe3871f5157e357d73956d4586bd50508522be7e24d2357d7ab53e3ae46d2d168e52d0d15761eaab962c36ee0791cabd33869f11f9512772261cda6249f16f85772116cc0585975600e5fe949e1a2bb85820ddf901b9e48ee805aacd1c826a1304916e2180de5d3ecc2fc0375d3a877ab8a058dda7e05aa91727523e579d17ce0dce414612d9b638b1ff5ad74d654c5b7e638a3cca372c5f51db638794ed6
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000f5e8773b206b1ccd610000000000f5
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-07 08:50:35
    MD540f35792e7565aa047796758a3ce1b77
    SHA16df35a0c2f6d7d39d24277137ea840078dafb812
    SHA256139f8412a7c6fdc43dcfbbcdba256ee55654eb36a40f338249d5162a1f69b988
    Authentihash MD53a2404b8c4c87facf5316e4ff16bd603
    Authentihash SHA1ff3d240cf0faeafb37f176b71151dd83b2177a0e
    Authentihash SHA256e307ebe2d43cc8e290e5ade032a6e38bc6961439f92d6e99b954bf1368a975ef
    RichPEHeaderHash MD557462998048f7ee977ca73cacd0a8a2a
    RichPEHeaderHash SHA1f1a4626b2b16389bf879d451c63ff53bca825d23
    RichPEHeaderHash SHA2569e96e39a30076c985ce6aa3547b8279c8f471122a0b25bebde5a189d9795d427
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 5f9e06262d2eed425c886a4709350426
    FieldValue
    ToBeSigned (TBS) MD5e01323d4e9f20b9c042abdd9585d2d81
    ToBeSigned (TBS) SHA1d1fab71f563191354037fe0bb8bf73718c721e45
    ToBeSigned (TBS) SHA2569db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14
    SubjectC=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.
    ValidFrom2014-05-06 00:00:00
    ValidTo2015-05-06 23:59:59
    Signature14a41c7ad5dc6309c5b0390f4dbdec058fab41138c90e8a92e5316495d46210a64a3573a304cb2d791c50f3815a2b7ed11057018158311d061080686a2bd6a0a3c9097161b98e46ab15267b3bbdbd76d43d1bc9a239a24e98a6673e1b1c6ca83230ce3862e0d422f113bb3b5fb2b9254346f40c810f6e0bbc7f137f22d0d272a150eac91baf8513472d277290dfc55c7d2b22003c0fccad9a29fbceeba1586efae4bd98de245bda466f7eca00673d4418f90609b9a6c5cbf1a25a3373f2744a3974cd0ba89f9d1b23a02058dd151c0fda03ffca6a40a6d91c7678b675996b5c0c63f491428684be2367b5a60048f3543b5ddf6ba5270bbe376f5e2b62b14fe6a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber5f9e06262d2eed425c886a4709350426
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3
    Certificate 300f6facdd6698747ca94636a7782db9
    FieldValue
    ToBeSigned (TBS) MD563499ed59a1293b786649470e4ce0bd7
    ToBeSigned (TBS) SHA17309d8eaa65da1f3da7030c08f00a3b0a20fa908
    ToBeSigned (TBS) SHA2568c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937
    SubjectC=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA
    ValidFrom2019-05-02 00:00:00
    ValidTo2038-01-18 23:59:59
    Signature6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber300f6facdd6698747ca94636a7782db9
    Version3
    Certificate 0090397f9ad24a3a13f2bd915f0838a943
    FieldValue
    ToBeSigned (TBS) MD526ec2c9bfcb06fdf8a6d95f2c616fd72
    ToBeSigned (TBS) SHA1635466f1432046f6fd338624c068872ab6488b12
    ToBeSigned (TBS) SHA2562219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839
    SubjectC=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3
    ValidFrom2022-05-11 00:00:00
    ValidTo2033-08-10 23:59:59
    Signature73daed6872cbc2b940a131bbb403a32d147b24e7b45b157da8e9fdadd1920d7c3d36a069d9f39a30daac69d67457243f7e0f3cd9f5c379256c26e88d6893cef17789397fa80405da34c314ea9f0854abffc47e966c2bd394ebb46ce0454d2cb2f73b3b5ab5c1fbd789756d987272f6f70728f3d3b2d0eb19be152c78efcd45a000e4f80476bb57c590be775490749e0b4f4dc4aa138f97af01352bcb9b1178e9f2f989043c4ee3821262ebb4440c7541c20f34b8889dc822f1136adb182f6e78adc405b4e884089307f97d83fe689834e477e5b1ce8c946cdb036d2805477e9b2ef064fbdba40331107c1afb3c1980d10b70b9555f47be3964ceb7da235432e346b232d8d22986c9155d8095af02fbb4d12e9d387c35e00f1ced1b47489c226a5582d9f2ba086503e5f129f3488a09014ca679f2a2b61a9994eb9728e1be7d1ba17ced5680a6f4223390e48453fc2afac0a797a8eab58d7acee4e04ba133ab0b76a0d56916b78e66bf5ffa1fc4a87fa7a14814910d82fcbd4d99edc9e66c36fe774399b8692d7c612feda3b049fe5bbe692491ff93fc5769924bd9053f6d8672d3a2d0c064d23a42c11a03fbd0ed9a21b83fafa6b25154d54cc5ca1f128d57c639ed5cffec9f2676ad646667e8aa30e0d2adb77db16a41276e038aa374e08a09826ebfe3f6b7bc9e0b29186881a19c3f6e16594b1409099ae6aebf6015dd86f5
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityFalse
    SerialNumber0090397f9ad24a3a13f2bd915f0838a943
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoCreateFile
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • ZwDeleteFile
    • PsGetVersion
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • KeSetEvent
    • KeInitializeEvent
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • ZwCreateFile
    • IoFreeIrp
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD5093a2a635c3a27aac50efd6463f4efa1
    SHA1b34a012887ddab761b2298f882858fa1ff4d99f1
    SHA2565b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d
    Authentihash MD5dab51577c44fda1574532847f4deb56c
    Authentihash SHA1c7cb92f60ffe07d1c9bfa43ea1213f8c8f766022
    Authentihash SHA2566ee267fc3d0ac2662a9cfdb0ed5a2354ee09ef4c218303f20350177cae125cf7
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD5844af8c877f5da723c1b82cf6e213fc1
    SHA14f2d9a70ea24121ae01df8a76ffba1f9cc0fde4a
    SHA2566994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77
    Authentihash MD598a3ab2b723de48256701b417ff87a65
    Authentihash SHA1ff80d6663a92ff454526e88847cbb4d9bd00e21e
    Authentihash SHA25679278979d9300670d1084493bbc03ae374efc5ab02850941e85753885fa88e47
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-08 03:14:00
    MD52ec877e425bd7eddb663627216e3491e
    SHA1d4f5323da704ff2f25d6b97f38763c147f2a0e6f
    SHA25632882949ea084434a376451ff8364243a50485a3b4af2f2240bb5f20c164543d
    Authentihash MD575c70824590d4db183418c7fd9e47d2d
    Authentihash SHA11ccd8bc3104fe1654806752e1e6730d3ee0b4ee4
    Authentihash SHA256e7e7824d611527b67fc36128da1b35d9b8ce3ffdab3fb96e3dbabd6e9c9570c0
    RichPEHeaderHash MD557462998048f7ee977ca73cacd0a8a2a
    RichPEHeaderHash SHA1f1a4626b2b16389bf879d451c63ff53bca825d23
    RichPEHeaderHash SHA2569e96e39a30076c985ce6aa3547b8279c8f471122a0b25bebde5a189d9795d427
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 5d11784fb81765023f89a4f4243fe1a9
    FieldValue
    ToBeSigned (TBS) MD5b5ff0da6f1d327dca52b08e9c7c8d439
    ToBeSigned (TBS) SHA1c7acfdfc234a3bb37535cbe2785d9202b4b0a10c
    ToBeSigned (TBS) SHA25680a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1
    SubjectC=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd.
    ValidFrom2014-01-17 00:00:00
    ValidTo2016-01-17 23:59:59
    Signature565de91bd9b0bbefe729b5e1a4070c18ee9855ad678967425dd8f4284cdd54fd20affa0449eb2061c26c0720e6b64ee7323461482ad375a2223074f1d41c96b48249ef810d1dc390b89890e703a407c05c7f5d8670573f22dcf7aa210b6d35793423e62a015309d1b37bc59664c32778d78bda41c215a9db9f13c95d922b5d2c0a798b3a642f50cc1aa12db6a398ab2741ce185e65d24ecbcad0d2309cf28530ae4c2ab4207dd35168d612ba3974230fd8d6121f4a9bd47b8ccb5e431f56e7b7f31e879a0f905dc16d1b73f0aa3ef9aeef75a471c09d484c1f474f97fcae827f29cedbd9f022d3e14a1d7ed7792a62b581f58e5e74c5eae41a32b9cc1da2f889
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber5d11784fb81765023f89a4f4243fe1a9
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoCreateFile
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • ZwDeleteFile
    • PsGetVersion
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • KeSetEvent
    • KeInitializeEvent
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • ZwCreateFile
    • IoFreeIrp
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-09 06:55:38
    MD50023ca0ca16a62d93ef51f3df98b2f94
    SHA197812f334a077c40e8e642bb9872ac2c49ddb9a2
    SHA25650819a1add4c81c0d53203592d6803f022443440935ff8260ff3b6d5253c0c76
    Authentihash MD5c12f9f4027088d2ca69b2d2fec33131b
    Authentihash SHA1f73aa876791246fb7486214e4d3f81a0d375e649
    Authentihash SHA25688b901ce8ee199bc371e9cf39ab5375d31c6881a25ba5827e9b32ba7946ecda1
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .%V,
    • .vK6
    • .ubd
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD5f69b06ca7c34d16f26ea1c6861edf62a
    SHA1fdbcebb6cafda927d384d7be2e8063a4377d884f
    SHA256770f33259d6fb10f4a32d8a57d0d12953e8455c72bb7b60cb39ce505c507013a
    Authentihash MD55d9b4ff04047d06a76354c7f7caa1e9e
    Authentihash SHA16230645a707228e023d7fc9c5c86c340be05f9c3
    Authentihash SHA25628d3a5a85eef4561c4ad08fd83aca4f7a946f8dca8bfb7958a855a80197f68a6
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-27 22:28:03
    MD5e8eac6642b882a6196555539149c73f2
    SHA13825ebb0b0664b5f0789371240f65231693be37d
    SHA25686047bb1969d1db455493955fd450d18c62a3f36294d0a6c3732c88dfbcc4f62
    Authentihash MD51584b06241f08d74434a452e798b2809
    Authentihash SHA18eca36d54d04736f61f54285bcee8c30ed892553
    Authentihash SHA256ff6108dd2017f9bc7ea93c43c1afbda0f1cc7b00f5afafb4ce3cf0a193e9598b
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD55ebfc0af031130ba9de1d5d3275734b3
    SHA148f03a13b0f6d3d929a86514ce48a9352ffef5ad
    SHA256bb2422e96ea993007f25c71d55b2eddfa1e940c89e895abb50dd07d7c17ca1df
    Authentihash MD51959eac3bb98c3032791b0dc6d662281
    Authentihash SHA1f8df5fd765770a56c227c66b47edcf38f868ef33
    Authentihash SHA256a0801ade5de44b65afb8c275e11e4d766ae64af1a5740ad4f1db1acc4e088774
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD540b968ecdbe9e967d92c5da51c390eee
    SHA1b8b123a413b7bccfa8433deba4f88669c969b543
    SHA25606c5ebd0371342d18bc81a96f5e5ce28de64101e3c2fd0161d0b54d8368d2f1f
    Authentihash MD598a3ab2b723de48256701b417ff87a65
    Authentihash SHA1ff80d6663a92ff454526e88847cbb4d9bd00e21e
    Authentihash SHA25679278979d9300670d1084493bbc03ae374efc5ab02850941e85753885fa88e47
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 33000000f5e8773b206b1ccd610000000000f5
    FieldValue
    ToBeSigned (TBS) MD5bf6aed18e4c3fd6ac87330096df18117
    ToBeSigned (TBS) SHA1f96be504b875f1e63bf51eacc6768e4fdecddcc6
    ToBeSigned (TBS) SHA25676c137a4dd29ebb1cb6a5d319d17e7049ad6d524f9de5d47c24c14b16a4f0720
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2023-01-12 19:14:52
    ValidTo2023-12-15 19:14:52
    Signature5548d9042f4a8d4776b5fccbacda2e58d5161fb7932287aa5da1c9afaca15c230908ed96adeb0f6a86dc3972a85de00fb4d4db0a52394116887998fd673f57a0520fa1e39806b348e555cfe5a419c501a0fbfbdb79e88d37656735fa6cd56d5c465fe3871f5157e357d73956d4586bd50508522be7e24d2357d7ab53e3ae46d2d168e52d0d15761eaab962c36ee0791cabd33869f11f9512772261cda6249f16f85772116cc0585975600e5fe949e1a2bb85820ddf901b9e48ee805aacd1c826a1304916e2180de5d3ecc2fc0375d3a877ab8a058dda7e05aa91727523e579d17ce0dce414612d9b638b1ff5ad74d654c5b7e638a3cca372c5f51db638794ed6
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000f5e8773b206b1ccd610000000000f5
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-07 08:50:54
    MD5c71be7b112059d2dc84c0f952e04e6cc
    SHA19ee31f1f25f675a12b7bad386244a9fbfa786a87
    SHA2566661320f779337b95bbbe1943ee64afb2101c92f92f3d1571c1bf4201c38c724
    Authentihash MD501788e7162863cfe7aeba0f040a6cc08
    Authentihash SHA1ded2c02db6b5addf9d521361fd3657b2b6894a48
    Authentihash SHA256223b320fb86cd4a1019ce31ac6901ce6bc41792810bd995db232dad790398852
    RichPEHeaderHash MD5fcc2deab7e9faa5b1d77595feb500b14
    RichPEHeaderHash SHA1986d82b450e146954da1d2aa002df555a2458878
    RichPEHeaderHash SHA2568a1062d510272d9077cb3bc5a2afaeb4284c1d31bca2a87324830440d1165e6c
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 5f9e06262d2eed425c886a4709350426
    FieldValue
    ToBeSigned (TBS) MD5e01323d4e9f20b9c042abdd9585d2d81
    ToBeSigned (TBS) SHA1d1fab71f563191354037fe0bb8bf73718c721e45
    ToBeSigned (TBS) SHA2569db6a214ff40e20a9785ef23e93d98de1c0f3b018703c86e6c7cd0d4ade37a14
    SubjectC=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Luyoudashi Technology Co., Ltd., OU=Digital ID Class 3 , Microsoft Software Validation v2, CN=Shenzhen Luyoudashi Technology Co., Ltd.
    ValidFrom2014-05-06 00:00:00
    ValidTo2015-05-06 23:59:59
    Signature14a41c7ad5dc6309c5b0390f4dbdec058fab41138c90e8a92e5316495d46210a64a3573a304cb2d791c50f3815a2b7ed11057018158311d061080686a2bd6a0a3c9097161b98e46ab15267b3bbdbd76d43d1bc9a239a24e98a6673e1b1c6ca83230ce3862e0d422f113bb3b5fb2b9254346f40c810f6e0bbc7f137f22d0d272a150eac91baf8513472d277290dfc55c7d2b22003c0fccad9a29fbceeba1586efae4bd98de245bda466f7eca00673d4418f90609b9a6c5cbf1a25a3373f2744a3974cd0ba89f9d1b23a02058dd151c0fda03ffca6a40a6d91c7678b675996b5c0c63f491428684be2367b5a60048f3543b5ddf6ba5270bbe376f5e2b62b14fe6a
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber5f9e06262d2eed425c886a4709350426
    Version3
    Certificate 611993e400000000001c
    FieldValue
    ToBeSigned (TBS) MD578a717e082dcc1cda3458d917e677d14
    ToBeSigned (TBS) SHA14a872e0e51f9b304469cd1dedb496ee9b8b983a4
    ToBeSigned (TBS) SHA256317fa1d234ebc49040ebc5e8746f8997471496051b185a91bdd9dfbb23fab5f8
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. , For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority , G5
    ValidFrom2011-02-22 19:25:17
    ValidTo2021-02-22 19:35:17
    Signature812a82168c34672be503eb347b8ca2a3508af45586f11e8c8eae7dee0319ce72951848ad6211fd20fd3f4706015ae2e06f8c152c4e3c6a506c0b36a3cf7a0d9c42bc5cf819d560e369e6e22341678c6883762b8f93a32ab57fbe59fba9c9b2268fcaa2f3821b983e919527978661ee5b5d076bcd86a8e26580a8e215e2b2be23056aba0cf347934daca48c077939c061123a050d89a3ec9f578984fbecca7c47661491d8b60f195de6b84aacbc47c8714396e63220a5dc7786fd3ce38b71db7b9b03fcb71d3264eb1652a043a3fa2ead59924e7cc7f233424838513a7c38c71b242228401e1a461f17db18f7f027356cb863d9cdb9645d2ba55eefc629b4f2c7f821cc04ba57fd01b6abc667f9e7d3997ff4f522fa72f5fdff3a1c423aa1f98018a5ee8d1cd4669e4501feaaeefffb178f30f7f1cd29c59decb5d549003d85b8cbbb933a276a49c030ae66c9f723283276f9a48356c848ce5a96aaa0cc0cc47fb48e97af6de35427c39f86c0d6e473089705dbd054625e0348c2d59f7fa7668cd09db04fd4d3985f4b7ac97fb22952d01280c70f54b61e67cdc6a06c110384d34875e72afeb03b6e0a3aa66b769905a3f177686133144706fc537f52bd92145c4a246a678caf8d90aad0f679211b93267cc3ce1ebd883892ae45c6196a4950b305f8ae59378a6a250394b1598150e8ba8380b72335f476b9671d5918ad208d94
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611993e400000000001c
    Version3
    Certificate 5200e5aa2556fc1a86ed96c9d44b33c7
    FieldValue
    ToBeSigned (TBS) MD5b30c31a572b0409383ed3fbe17e56e81
    ToBeSigned (TBS) SHA14843a82ed3b1f2bfbee9671960e1940c942f688d
    ToBeSigned (TBS) SHA25603cda47a6e654ed85d932714fc09ce4874600eda29ec6628cfbaeb155cab78c9
    SubjectC=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature5622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber5200e5aa2556fc1a86ed96c9d44b33c7
    Version3
    Certificate 300f6facdd6698747ca94636a7782db9
    FieldValue
    ToBeSigned (TBS) MD563499ed59a1293b786649470e4ce0bd7
    ToBeSigned (TBS) SHA17309d8eaa65da1f3da7030c08f00a3b0a20fa908
    ToBeSigned (TBS) SHA2568c8d2046b29e792e71b28705fe67c435208a336dde074a75452d98e72c734937
    SubjectC=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Time Stamping CA
    ValidFrom2019-05-02 00:00:00
    ValidTo2038-01-18 23:59:59
    Signature6d5481a5335d16e1b553819175df037a320b2d258411b2b0db2a7d2a05f5bc3b27f45aa0b9495990296c61cbb550dbe27df99f00ef40c3add3e2e456f95841cff142e5107dffb0741f8fc65c09f9335eeaa01c26585cf3b4110fd5d5c3e2bcd55878bf4876e144676d8fb043100f8de4f93862bf1301c585a34cc5ccb2533095a4d6f4965608b8cd5c7f0196be72526a3b42377c1678399393949bb1dcb26d416d67cdc96f903d7f4572c11b23d6c2558466e4b3c56606f6f3d64b5eada32b428a2192fea86f5a2570628173635ea0bbd8dcd74ad33daf830638121d24872de4fc02d63e7704bc0436b5e777cb9c2e8d2318b9a3c2471df05dd6a1735705689aa7c937651dbeeabcd842834305a58ba609ffd1a194a64eaa3d09f5056cb7d2645ad82a22c24b9df1395e4cde483d9b34969a095f8efdf7b15291ce3f89f61ca1b5a9751f71bf5b435d653d50816eabf0d0d3fcb2b31fb6999626f43c798b5c64cccdee279ae5a0c00c7287c16e4d5ad31eeaf044e6326f1ceb174e94c37865203b0f41aa1fe9a1419dfeb1b8a0652a34e0dea8f93ce6c130bbc0a0632cfc5c1600a8d0c47fea119d1e06c6a66d325db438092b4907aafdec30daf1a72fcfb7fdfad0a384d9279efb016677b95610e1206ec6aeb1f9b6bac8355d33768ef17c200c2a77aeb5a20286ba29eeb45a00b18cabe3f90ac9545dd4b96a749ebd48ae98
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityTrue
    SerialNumber300f6facdd6698747ca94636a7782db9
    Version3
    Certificate 0090397f9ad24a3a13f2bd915f0838a943
    FieldValue
    ToBeSigned (TBS) MD526ec2c9bfcb06fdf8a6d95f2c616fd72
    ToBeSigned (TBS) SHA1635466f1432046f6fd338624c068872ab6488b12
    ToBeSigned (TBS) SHA2562219bd6adf84dc8f6f04833974d150f75f5ce79cbf85788a6f7efaa4a5205839
    SubjectC=GB, ST=Manchester, O=Sectigo Limited, CN=Sectigo RSA Time Stamping Signer #3
    ValidFrom2022-05-11 00:00:00
    ValidTo2033-08-10 23:59:59
    Signature73daed6872cbc2b940a131bbb403a32d147b24e7b45b157da8e9fdadd1920d7c3d36a069d9f39a30daac69d67457243f7e0f3cd9f5c379256c26e88d6893cef17789397fa80405da34c314ea9f0854abffc47e966c2bd394ebb46ce0454d2cb2f73b3b5ab5c1fbd789756d987272f6f70728f3d3b2d0eb19be152c78efcd45a000e4f80476bb57c590be775490749e0b4f4dc4aa138f97af01352bcb9b1178e9f2f989043c4ee3821262ebb4440c7541c20f34b8889dc822f1136adb182f6e78adc405b4e884089307f97d83fe689834e477e5b1ce8c946cdb036d2805477e9b2ef064fbdba40331107c1afb3c1980d10b70b9555f47be3964ceb7da235432e346b232d8d22986c9155d8095af02fbb4d12e9d387c35e00f1ced1b47489c226a5582d9f2ba086503e5f129f3488a09014ca679f2a2b61a9994eb9728e1be7d1ba17ced5680a6f4223390e48453fc2afac0a797a8eab58d7acee4e04ba133ab0b76a0d56916b78e66bf5ffa1fc4a87fa7a14814910d82fcbd4d99edc9e66c36fe774399b8692d7c612feda3b049fe5bbe692491ff93fc5769924bd9053f6d8672d3a2d0c064d23a42c11a03fbd0ed9a21b83fafa6b25154d54cc5ca1f128d57c639ed5cffec9f2676ad646667e8aa30e0d2adb77db16a41276e038aa374e08a09826ebfe3f6b7bc9e0b29186881a19c3f6e16594b1409099ae6aebf6015dd86f5
    SignatureAlgorithmOID1.2.840.113549.1.1.12
    IsCertificateAuthorityFalse
    SerialNumber0090397f9ad24a3a13f2bd915f0838a943
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • KeWaitForSingleObject
    • ObReferenceObjectByHandle
    • PsThreadType
    • PsCreateSystemThread
    • KeInitializeEvent
    • KeSetEvent
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • MmProbeAndLockPages
    • IoFreeIrp
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-08 03:14:17
    MD50ea8389589c603a8b05146bd06020597
    SHA13c1c3f5f5081127229ba0019fbf0efc2a9c1d677
    SHA256f9f2091fccb289bcf6a945f6b38676ec71dedb32f3674262928ccaf840ca131a
    Authentihash MD50318de365e28ee38442c92b03747b088
    Authentihash SHA1ff0497dbd779bd65bbb7302b360dc0738a464e9b
    Authentihash SHA256dd759c6b9c4222c7b19e8b0ba7288d7395594d6884b9bcdf0ccfada3e6b7a8d5
    RichPEHeaderHash MD5fcc2deab7e9faa5b1d77595feb500b14
    RichPEHeaderHash SHA1986d82b450e146954da1d2aa002df555a2458878
    RichPEHeaderHash SHA2568a1062d510272d9077cb3bc5a2afaeb4284c1d31bca2a87324830440d1165e6c
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 5d11784fb81765023f89a4f4243fe1a9
    FieldValue
    ToBeSigned (TBS) MD5b5ff0da6f1d327dca52b08e9c7c8d439
    ToBeSigned (TBS) SHA1c7acfdfc234a3bb37535cbe2785d9202b4b0a10c
    ToBeSigned (TBS) SHA25680a8f0e8652dcea59596b4238f4c2d9f0212a25ea7434fde70a68a202b7ed0b1
    SubjectC=CN, ST=Shandong, L=Binzhou, O=Binzhoushi Yongyu Feed Co.,LTd., CN=Binzhoushi Yongyu Feed Co.,LTd.
    ValidFrom2014-01-17 00:00:00
    ValidTo2016-01-17 23:59:59
    Signature565de91bd9b0bbefe729b5e1a4070c18ee9855ad678967425dd8f4284cdd54fd20affa0449eb2061c26c0720e6b64ee7323461482ad375a2223074f1d41c96b48249ef810d1dc390b89890e703a407c05c7f5d8670573f22dcf7aa210b6d35793423e62a015309d1b37bc59664c32778d78bda41c215a9db9f13c95d922b5d2c0a798b3a642f50cc1aa12db6a398ab2741ce185e65d24ecbcad0d2309cf28530ae4c2ab4207dd35168d612ba3974230fd8d6121f4a9bd47b8ccb5e431f56e7b7f31e879a0f905dc16d1b73f0aa3ef9aeef75a471c09d484c1f474f97fcae827f29cedbd9f022d3e14a1d7ed7792a62b581f58e5e74c5eae41a32b9cc1da2f889
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber5d11784fb81765023f89a4f4243fe1a9
    Version3
    Certificate 47974d7873a5bcab0d2fb370192fce5e
    FieldValue
    ToBeSigned (TBS) MD5e3a93dc2a8a8a668fdbb286bfe9afab5
    ToBeSigned (TBS) SHA195795d2aa2a554a423bc8c6e5b0a016d14887d35
    ToBeSigned (TBS) SHA256d8844186775bddbccaf3dc017064df7d760fd4b85c5d07561a3efd7da950f89e
    SubjectC=US, O=Thawte, Inc., CN=Thawte Code Signing CA , G2
    ValidFrom2010-02-08 00:00:00
    ValidTo2020-02-07 23:59:59
    Signature56fe535ce1c79ebca7ed7e536d6a144b518c405e805faaa4e82fef38c804c9ca3ecfdf3a584eb0d4b663c52957fa02059a454d68db2a1bd4343d9f00c35acb9549a56ee1b0c5fc414d414a6fd377c8d7388de419de18f31f1565836d450c53f90a9a2ea55dbf6f32811892196a5500ad631c52067e55d92968ae4a7c189a79886b2323d827382a298776cafbc7b662231fed7a564cdd9c325bf53d0c4618953b2a2368836441d9006d0f1924156872bdc571676eac4cdb90eb51a51a6207d0be6a00473c722fec4f613e7385ce5a0ab7bac01c1375e3223928dd6d1d09469d4fbae8408191c6a4ce94721b01cf2a6e15679589ae7db7b7cdf90a3d75b66b3c25
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber47974d7873a5bcab0d2fb370192fce5e
    Version3
    Certificate 611fb0a400000000001d
    FieldValue
    ToBeSigned (TBS) MD5a3f222107d4e1085e73b5b589c2f480b
    ToBeSigned (TBS) SHA1b94aa26cd77c48d91a53ac44506cbd255e1d362c
    ToBeSigned (TBS) SHA256a39ed0d6fd4eb1a6f7fed60f726e23eae668b7591bc004644625d22c701213fa
    SubjectC=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. , For authorized use only, CN=thawte Primary Root CA
    ValidFrom2011-02-22 19:31:57
    ValidTo2021-02-22 19:41:57
    Signature2dcc71b5e8ba94ff5ee64467007b6afc412c3ee70e41855ab12a932ba95b89f2f72b499c8003f297b8e760a80ed7fd5de545467594f4ed1c9de166228b61fb29f2c6a8bdf387c98f7f47e1c058b64a1aa2e7f718606969e083069e26c775c40c0d79da746b52b9fae8ea3359b9bb18dd291a14dfd36a37277a9da0dacffffc22c4faf009ff33e93e17ba1cc742cfce2743d30c0c5581303db96060ce02ece19ee81ddc852ce0a18d966d95ac17a4713ea16741b6281d2ce3b615e5b7e5a2f6256d86e320acf9f8314f8e629b9833376d6af735523e90feb03b5fc5b852a9e06ea0479a279e97aea24a9e531939ec357ec659de3ae0aaf533f06abda0821812dea18c4570ca2bd62e959145995a5c240049bd23b30ceca43df5b9e1d1b1825a38eea3fba1ab483a8c5dffa065223fd3d3fe4990db1446a3852e8a554b09ab38b2ab63a008d1fdad48e273d812bcc26ca516fad09ac05e38383a2b718e553aac42197a1f0d4220e7ab5d8c6880524ca1c0d488d02321fb901309007b4937afa9df486022abf4f6c2363bf8513c34bbc586e43ae19f4b90fe5461024b159c34176aa94b8d4cb69d2326c83af1d6b805cdda1d6240183a2f1b41cd3a993a0aa9d1d77eb8c4aff7b8c980105ed55df6ce7a9a02c50f6381efb564e9fc5bd8d2619a68c37cf9c78df91e87d5fa2cf816ae9dab068fc86dc741cda14e84e3dac26ebcfb
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber611fb0a400000000001d
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • KeWaitForSingleObject
    • ObReferenceObjectByHandle
    • PsThreadType
    • PsCreateSystemThread
    • KeInitializeEvent
    • KeSetEvent
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • IoGetRelatedDeviceObject
    • MmProbeAndLockPages
    • IoFreeIrp
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-09 06:55:46
    MD519bdd9b799e3c2c54c0d7fff68b31c20
    SHA1ea4a405445bb6e58c16b81f6d5d2c9a9edde419b
    SHA256e6f764c3b5580cd1675cbf184938ad5a201a8c096607857869bd7c3399df0d12
    Authentihash MD5619b74b682d2abd190cb3e0ac5ecd6f7
    Authentihash SHA1ed5e61e534550b1f286d0801d4464d45f38d2739
    Authentihash SHA25640e0be2ed5d07d5ecf14232fe64a95c7ad6fd942a60b4a6e21fda69c75bbb78d
    RichPEHeaderHash MD5ffdf660eb1ebf020a1d0a55a90712dfb
    RichPEHeaderHash SHA13e905e3d061d0d59de61fcf39c994fcb0ec1bab3
    RichPEHeaderHash SHA2562b3f99a94b7a7132854be769e27b331419c53989ef42f686d6f5ba09ddefefd6
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe
    • ntoskrnl.exe
    • HAL.dll

    Imported Functions

    Expand
    • IoDeleteDevice
    • ExAllocatePool
    • NtQuerySystemInformation
    • ExFreePoolWithTag
    • IoAllocateMdl
    • MmProbeAndLockPages
    • MmMapLockedPagesSpecifyCache
    • MmUnlockPages
    • IoFreeMdl
    • KeQueryActiveProcessors
    • KeSetSystemAffinityThread
    • KeRevertToUserAffinityThread
    • DbgPrint
    • _except_handler3
    • KeQueryPerformanceCounter

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .!ah
    • .ayl
    • .a"#
    • .reloc
    • .rsrc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD588bea56ae9257b40063785cf47546024
    SHA1b5a8e2104d76dbb04cd9ffe86784113585822375
    SHA256e1cb86386757b947b39086cc8639da988f6e8018ca9995dd669bdc03c8d39d7d
    Authentihash MD5265462dbda175886e0c02257f2385753
    Authentihash SHA10e45b675fec76249e64f8a2d4bd5483886b91169
    Authentihash SHA25637a1a3fa4dc148924c1bfb60c88ffef082ee58cd0ee804d2de0f1d22c1e7802c
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-27 22:28:14
    MD53f11a94f1ac5efdd19767c6976da9ba4
    SHA1f92faed3ef92fa5bc88ebc1725221be5d7425528
    SHA2564734a0a5d88f44a4939b8d812364cab6ca5f611b9b8ceebe27df6c1ed3a6d8a4
    Authentihash MD5096f2e1d163a780fa3cb7f0870fe2b34
    Authentihash SHA10e4f45b762d5c548322cde3d0e2d5ff2d81c87f1
    Authentihash SHA256948735962436df24baa69e58421345d4a295e0821f4f93fd9f64e11f51a9666f
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD50bdd51cc33e88b5265dfb7d88c5dc8d6
    SHA16a6fe0d69e0ea34d695c3b525e6db639f9ad6ac5
    SHA256ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620
    Authentihash MD5207e5de5c589271ee469dd33442a0bb0
    Authentihash SHA134e83718226e039ebf28c4ea2284b011701710d0
    Authentihash SHA256aa833c9e3bcdc33eaf64fd913e80f5b9ce60618f6e3ff4c386420fea4a494380
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:24:09
    MD5b6b530dd25c5eb66499968ec82e8791e
    SHA19c1c9032aa1e33461f35dbf79b6f2d061bfc6774
    SHA256fa9abb3e7e06f857be191a1e049dd37642ec41fb2520c105df2227fcac3de5d5
    Authentihash MD5dbc72430b48b0ca636a84b9e5ed0d534
    Authentihash SHA158ca196bfd54c6166aae0f8000fa8a1a66a0073e
    Authentihash SHA25645b969ae1b381716a29cd509622470b5b20b70c7efe4c9b7c0568faa298605ff
    RichPEHeaderHash MD5e1c6e942db6887e4c9e630b5bb75c313
    RichPEHeaderHash SHA1e703cd9718363d923287424967d01ca57fc8a842
    RichPEHeaderHash SHA2568afa5d95d504001486a7641c204a06b483d2cf4f3b4ed072606cc05759996d9d
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 33000000f3158ea57d1c559f290000000000f3
    FieldValue
    ToBeSigned (TBS) MD58d4476692bcda36ed89244b94bd705f0
    ToBeSigned (TBS) SHA1ce72176d5cad611366e13a9a997ad7ecc7eb815f
    ToBeSigned (TBS) SHA256dd1db9c0e7e50040ac6c586c1b6fd479cef240c064473373f75fbeb3e04ff972
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Hardware Compatibility Publisher
    ValidFrom2023-01-12 19:14:51
    ValidTo2023-12-15 19:14:51
    Signature04d1261b735b38b551b427cf9a295d4eb18edd92de14079aa33a10511ee6d262938b29ae208f96be64a80e2967fb8d7aa5750613901a9da6a82935398175482096430c9acecb55ee2c5468d119f467378c18251a8fe01e9d7b79bce903ccb7afb227e2d0abee00bd9fd6bbbbd67c014888dc46f3efa912d4576f7ca9980957609cd21fbd51815cb11bee95fa780498d905e866bc1a604e407ee0d97a105bcc8e600200b19b9c3a56cb3918047f21ba9ee2228b46b8e5c8b456ba65e6f0c40d28294b654761660e9d14948866c3f0f65f028e47641059d3f195812e871362128bcefb901d5aeace862e3d683b291d65c138138ea1335fe3552f4c46a7f7b0c6e5
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityFalse
    SerialNumber33000000f3158ea57d1c559f290000000000f3
    Version3
    Certificate 610baac1000000000009
    FieldValue
    ToBeSigned (TBS) MD5a569061297e8e824767dbc3184a69bea
    ToBeSigned (TBS) SHA1adbb26a587a8f44b4fccaecb306f980d1c55a150
    ToBeSigned (TBS) SHA256cec1afd0e310c55c1dcc601ab8e172917706aa32fb5eaf826813547fdf02dd46
    SubjectC=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Third Party Component CA 2012
    ValidFrom2012-04-18 23:48:38
    ValidTo2027-04-18 23:58:38
    Signature5a8a67daccd5fd0d264177bf0a4678b4b3de12692b7723c2652f015fd203f461ba509d2e8c3972f36c3e6ab11e766decb7f382dcccbbc56970287366173f54ebee011648c446d91b80ae813a8d0f796d68b09eea2d3f39d3ca387ebd5e7c086e19dcc6c2f438336861e2524783e1000156d2bacb878205310a418b4ee77f5f5fed5fd3392d45eba213bffd1ec298417161165fc80a70257c59693124e471e70abb0417f79f721ec9d2bb1abe3d02fe090cb243b4591a99539396215fe0d6b72601429536ac27fdbef48577683d18bdf4be98882211865216f345ec0397107087a37043713cdbc98603170cf5735bc67de15c64edd7c548d7ed32e2d1aad3cfa7f6574e61f977eb67f288b3de00da038fd08a34373e1dd862b8d2b1f3e12f8b723b81967c6ffcec667672601b24f2a0896d5b6d002eef28dd868705c2b4b9e5be64c22af24a155c98e2c42785ff52e3627e0fb2020bd766c70ab2d33d200414503259830a7d9bed5a38120152ba2f5e20728e4af1fde771028c3be107bec973f4dd47d8b4efb4a4b330b9893e76cab90098567eabea8ab8a5d038ab6977130b142fe9aa411ff7babd3a2b348aee0aab63e663f788248e200d2b3b9de3c24952ac9f1f0e393b5dd46e506ae67d523aaa7c3315290d265e0158a74ea93d7a846f743f609fe4324f3600af6d71d33ea646655f8174f1fec171da4ca0415a82ddf11f
    SignatureAlgorithmOID1.2.840.113549.1.1.11
    IsCertificateAuthorityTrue
    SerialNumber610baac1000000000009
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • IoDeleteDevice
    • IoDetachDevice
    • memcpy
    • memset
    • ZwClose
    • ExFreePoolWithTag
    • ExAllocatePoolWithTag
    • ObOpenObjectByPointer
    • PsProcessType
    • PsLookupProcessByProcessId
    • MmGetSystemRoutineAddress
    • RtlInitUnicodeString
    • IofCallDriver
    • PsGetCurrentProcessId
    • IoGetLowerDeviceObject
    • ObfDereferenceObject
    • IoGetAttachedDeviceReference
    • IoUnregisterShutdownNotification
    • KeDelayExecutionThread
    • IoAttachDeviceToDeviceStackSafe
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoRegisterShutdownNotification
    • IoUnregisterFsRegistrationChange
    • IoRegisterFsRegistrationChange
    • _vsnwprintf
    • PsGetVersion
    • ZwAllocateVirtualMemory
    • MmUnmapLockedPages
    • IoFreeMdl
    • MmMapLockedPages
    • MmBuildMdlForNonPagedPool
    • MmCreateMdl
    • ZwReadFile
    • ZwQueryInformationFile
    • IoCreateFile
    • _wcsicmp
    • _wcsnicmp
    • RtlEqualUnicodeString
    • ZwWriteFile
    • ZwFlushKey
    • ZwSetValueKey
    • ZwQueryValueKey
    • RtlRandom
    • KeQuerySystemTime
    • ZwDeleteKey
    • ZwOpenKey
    • ZwEnumerateKey
    • IoFreeIrp
    • KeSetEvent
    • KeWaitForSingleObject
    • KeGetCurrentThread
    • KeInitializeEvent
    • IoAllocateIrp
    • IoGetRelatedDeviceObject
    • ObReferenceObjectByHandle
    • IoFileObjectType
    • ObQueryNameString
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • PsGetProcessPeb
    • RtlCreateUnicodeString
    • ZwDeleteValueKey
    • ZwCreateKey
    • RtlFreeUnicodeString
    • ZwDeleteFile
    • PsRemoveLoadImageNotifyRoutine
    • CmUnRegisterCallback
    • PsSetLoadImageNotifyRoutine
    • CmRegisterCallback
    • ObReferenceObjectByName
    • ZwFreeVirtualMemory
    • ZwWaitForSingleObject
    • KeUnstackDetachProcess
    • KeStackAttachProcess
    • ZwDuplicateObject
    • PsGetProcessSessionId
    • _strnicmp
    • RtlSubAuthoritySid
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • ZwOpenProcessTokenEx
    • PsTerminateSystemThread
    • PsThreadType
    • PsCreateSystemThread
    • KeTickCount
    • KeBugCheckEx
    • _vsnprintf
    • strncmp
    • strchr
    • strncpy
    • strstr
    • ExAllocatePool
    • _stricmp
    • rand
    • ZwCreateFile
    • IoBuildDeviceIoControlRequest
    • MmProbeAndLockPages
    • IoAllocateMdl
    • _allshl
    • RtlUnwind

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    PropertyValue
    Filenamewindbg.sys
    Creation Timestamp2023-03-30 04:23:58
    MD577a7ed4798d02ef6636cd0fd07fc382a
    SHA176789196eebfd4203f477a5a6c75eefc12d9a837
    SHA256f936ec4c8164cbd31add659b61c16cb3a717eac90e74d89c47afb96b60120280
    Authentihash MD5ff65997d5644ff042a7e3a5cb9030af2
    Authentihash SHA1a1c5483d4d29d0cd9edc6e42a21d70f56de12aaf
    Authentihash SHA2569be868eb7e177ee6d762f2a022acf18b6b190fecbe445b3c09fc0494e8244ee8
    RichPEHeaderHash MD50b8725117e665d5272218cb41038327d
    RichPEHeaderHash SHA1a6dde20a0c8ba6cfe531ce1a57035b8d7b3d900a
    RichPEHeaderHash SHA256b54213d1248761579f5f569ab7e32402dd88a12622377d381f7eb55d4f4eb053
    CompanyMicrosoft Corporation
    DescriptionWindows GUI symbolic debugger
    ProductMicrosoft? Windows? Operating System
    OriginalFilenamewindbg.sys

    Download

    Certificates

    Expand
    Certificate 61204db4000000000027
    FieldValue
    ToBeSigned (TBS) MD58e3ffc222fbcebdbb8b23115ab259be7
    ToBeSigned (TBS) SHA1ee20bff28ffe13be731c294c90d6ded5aae0ec0e
    ToBeSigned (TBS) SHA25659826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
    ValidFrom2011-04-15 19:45:33
    ValidTo2021-04-15 19:55:33
    Signature208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber61204db4000000000027
    Version3
    Certificate 012eab44fa8853d913e7107c89406432
    FieldValue
    ToBeSigned (TBS) MD55d40693a8cfc4fd21f0c610ed3ee8477
    ToBeSigned (TBS) SHA14dffeb59ea4c32c7b87c9fe44d55f5e622444824
    ToBeSigned (TBS) SHA256d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74
    Subject??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.
    ValidFrom2020-11-17 00:00:00
    ValidTo2023-11-12 23:59:59
    Signature9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityFalse
    SerialNumber012eab44fa8853d913e7107c89406432
    Version3
    Certificate 0dd0e3374ac95bdbfa6b434b2a48ec06
    FieldValue
    ToBeSigned (TBS) MD5f92649915476229b093c211c2b18e6c4
    ToBeSigned (TBS) SHA12d54c16a8f8b69ccdea48d0603c132f547a5cf75
    ToBeSigned (TBS) SHA2562cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb
    SubjectC=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA
    ValidFrom2012-04-18 12:00:00
    ValidTo2027-04-18 12:00:00
    Signature9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061
    SignatureAlgorithmOID1.2.840.113549.1.1.5
    IsCertificateAuthorityTrue
    SerialNumber0dd0e3374ac95bdbfa6b434b2a48ec06
    Version3

    Imports

    Expand
    • ntoskrnl.exe

    Imported Functions

    Expand
    • ExAllocatePoolWithTag
    • PsProcessType
    • IoGetLowerDeviceObject
    • ExFreePoolWithTag
    • IoRegisterShutdownNotification
    • IoAttachDeviceToDeviceStackSafe
    • PsLookupProcessByProcessId
    • RtlInitUnicodeString
    • IoDeleteDevice
    • MmGetSystemRoutineAddress
    • IoDetachDevice
    • KeDelayExecutionThread
    • IoUnregisterShutdownNotification
    • ZwClose
    • IoGetAttachedDeviceReference
    • PsGetCurrentProcessId
    • ObfDereferenceObject
    • IoCreateDevice
    • IoEnumerateDeviceObjectList
    • IoUnregisterFsRegistrationChange
    • ObOpenObjectByPointer
    • IoRegisterFsRegistrationChange
    • IofCallDriver
    • MmUnmapLockedPages
    • _wcsicmp
    • PsGetProcessPeb
    • ZwCreateKey
    • RtlCreateUnicodeString
    • MmMapLockedPages
    • PsSetLoadImageNotifyRoutine
    • _wcsnicmp
    • ZwReadFile
    • IoGetRelatedDeviceObject
    • KeSetEvent
    • IoCreateFile
    • KeInitializeEvent
    • ZwDeleteValueKey
    • ZwSetValueKey
    • RtlEqualUnicodeString
    • MmBuildMdlForNonPagedPool
    • IoFreeMdl
    • RtlFreeUnicodeString
    • ObQueryNameString
    • IoFileObjectType
    • ZwQueryValueKey
    • _vsnwprintf
    • RtlRandom
    • ObReferenceObjectByHandle
    • KeWaitForSingleObject
    • PsRemoveLoadImageNotifyRoutine
    • ZwFlushKey
    • MmCreateMdl
    • IoFreeIrp
    • ZwDeleteFile
    • PsGetVersion
    • IoAllocateIrp
    • CmRegisterCallback
    • RtlCopyUnicodeString
    • MmIsAddressValid
    • CmUnRegisterCallback
    • ZwQueryInformationFile
    • ZwWriteFile
    • ZwDeleteKey
    • ZwEnumerateKey
    • ZwAllocateVirtualMemory
    • ZwOpenKey
    • KeUnstackDetachProcess
    • ZwWaitForSingleObject
    • ZwFreeVirtualMemory
    • PsGetProcessSessionId
    • ZwDuplicateObject
    • ObReferenceObjectByName
    • KeStackAttachProcess
    • RtlSubAuthoritySid
    • _strnicmp
    • ZwOpenProcessTokenEx
    • PsCreateSystemThread
    • PsTerminateSystemThread
    • PsThreadType
    • RtlSubAuthorityCountSid
    • ZwQueryInformationToken
    • KeBugCheckEx
    • strncmp
    • strstr
    • strchr
    • strncpy
    • _vsnprintf
    • rand
    • _stricmp
    • ExAllocatePool
    • IoBuildDeviceIoControlRequest
    • ZwCreateFile
    • MmProbeAndLockPages
    • IoAllocateMdl
    • __C_specific_handler

    Exported Functions

    Expand

    Sections

    Expand
    • .text
    • .rdata
    • .data
    • .pdata
    • INIT
    • .rsrc
    • .reloc

    Signature

    Expand
    {
      "Certificates": [
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "61204db4000000000027",
          "Signature": "208cc159ed6f9c6b2dc14a3e751d454c41501cbd80ead9b0928b062a133f53169e56396a8a63b6782479f57db8b947a10a96c2f6cbbda2669f06e1acd279090efd3cdcac020c70af3f1bec787ed4eb4b056026d973619121edb06863e09712ab6fa012edd99fd2da273cb3e456f9d1d4810f71bd427ca689dccdd5bd95a2abf193117de8ac3129a85d6670419dfc75c9d5b31a392ad08505508bac91cac493cb71a59da4946f580cfa6e20c40831b5859d7e81f9d23dca5b18856c0a86ec22091ba574344f7f28bc954aab1db698b05d09a477767eefa78e5d84f61824cbd16da6c3a19cc2107580ff9d32fde6cf433a82f7ce8fe1722a9b62b75fed951a395c2f946d48b7015f332fbbdc2d73348904420a1c8b79f9a3fa17effaa11a10dfe0b2c195eb5c0c05973b353e18884ddb6cbf24898dc8bdd89f7b393a24a0d5dfd1f34a1a97f6a66f7a1fb090a9b3ac013991d361b764f13e573803afce7ad2b590f5aedc3999d5b63c97eda6cb16c77d6b2a4c9094e64c54fd1ecd20ecce689c8758e96160beeb0ec9d5197d9fe978bd0eac2175078fa96ee08c6a2a6b9ce3e765bcbc2d3c6ddc04dc67453632af0481bca8006e614c95c55cd48e8e9f2fc13274bdbd11650307cdefb75e0257da86d41a2834af8849b2cfa5dd82566f68aa14e25954feffeaeeefea9270226081e32523c09fcc0f49b235aa58c33ac3d9169410",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA",
          "TBS": {
            "MD5": "8e3ffc222fbcebdbb8b23115ab259be7",
            "SHA1": "ee20bff28ffe13be731c294c90d6ded5aae0ec0e",
            "SHA256": "59826b69bc8c28118c96323b627da59aaca0b142cc5d8bad25a8fcfd399aa821",
            "SHA384": "f2dab7e56a33298654924501499487f6ba72c7d9477476a186e1ed7a9be031fade0e35ac09eff5e56bbbab95ae5374e7"
          },
          "ValidFrom": "2011-04-15 19:45:33",
          "ValidTo": "2021-04-15 19:55:33",
          "Version": 3
        },
        {
          "IsCertificateAuthority": false,
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Signature": "9451eb3eee03a01f0c66d87dc537eb17f37bc157ec9037c05a55ee4a3d0c207c67b981841c2b642084bca0a3c65f8e8eb5413f3e897b267aad91044c4098319a1f703fa995afdc53896d20245af8c2829e80081d36135ac1acb414bf966fd0af157b3fc2dac8f616f2b794a76b0fb7b300db0c579f093e31dd739b43f09fb7a73c6c914d8453032ea14950246e80abfc7fbaff2597ab68b6f03d30d97edbee25c0e2786040a1770e26661867920f3b01132c4ac5dc9ef97ae59e7baad68fe1b2b12acc7ed54697e9d4025ced62ac9dca82104ac7dd8219b331fcbed72aab33b95fed0ef6a1f9831c8b68457be6b080ae3c9ae15df500a53b7b2a198ee71abd1b",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "??=CN, ??=, ??=, ??=Private Organization, serialNumber=91420100MA4KN92W72, C=CN, ST=, L=, O=Wuhan Jiajia Yiyong Technology Co., Ltd., CN=Wuhan Jiajia Yiyong Technology Co., Ltd.",
          "TBS": {
            "MD5": "5d40693a8cfc4fd21f0c610ed3ee8477",
            "SHA1": "4dffeb59ea4c32c7b87c9fe44d55f5e622444824",
            "SHA256": "d7380ff1b3d400fdf8cf2d8ab18ac65a071ae51c83cce017fa236fb530c4af74",
            "SHA384": "9feb1b57516ca5131bb53e05cfc2c1d1df028761ede93e58f42026a9781507a72e28bb2aca693c72f29da7f0421f45bc"
          },
          "ValidFrom": "2020-11-17 00:00:00",
          "ValidTo": "2023-11-12 23:59:59",
          "Version": 3
        },
        {
          "IsCertificateAuthority": true,
          "SerialNumber": "0dd0e3374ac95bdbfa6b434b2a48ec06",
          "Signature": "9e5b963a2e1288acab016da49f75e40187a3a532d7bcbaa97ea3d61417f7c2136b7c738f2b6ae50f265968b08e259b6ceffa6c939208c14dcf459e9c46d61e74a19b14a3fa012f4ab101e1724048111368b9369d914bd7c2391210c1c4dcbb6214142a615d4f387c661fc61bffadbe4f7f945b7343000f4d73b751cf0ef677c05bcd348cd96313aa0e6111d6f28e27fcb47bb8b91120918678ea0ed428ff2ad52438e837b2ec96bb9fbc4a1650e15ebf517d23a032c7c1949e7ac9c026a2cc2587a0127e749f2d8db1c8e784beb9d1e9debb6a4e887371e12238cb2487e9737e51b2ff98eb4e7e2fe0ca0efab35ed1ba0542a8489f83f63fc4caa8df68a05061",
          "SignatureAlgorithmOID": "1.2.840.113549.1.1.5",
          "Subject": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "TBS": {
            "MD5": "f92649915476229b093c211c2b18e6c4",
            "SHA1": "2d54c16a8f8b69ccdea48d0603c132f547a5cf75",
            "SHA256": "2cd702a7dec30aa441345672e8992ef9770ce4946f276d767b45b0ed627658fb",
            "SHA384": "511b0e0d7f3a48935cf2413348ff5f327887dc1e58f887bb5ed528d09f79173b55ab6439cf097fc7693b5749f7304ace"
          },
          "ValidFrom": "2012-04-18 12:00:00",
          "ValidTo": "2027-04-18 12:00:00",
          "Version": 3
        }
      ],
      "CertificatesInfo": "",
      "Signer": [
        {
          "Issuer": "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA",
          "SerialNumber": "012eab44fa8853d913e7107c89406432",
          "Version": 1
        }
      ],
      "SignerInfo": ""
    }
    

    source

    last_updated: 2024-09-26